CWE-319

880 CVEs • Abstraction: Base • Likelihood of Exploit: High

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (880)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
2Cloudfoundry
Pivotal Software
2Cloud Foundry Cf Deployment
Credhub
Nov 21, 2024
Feb 12, 2020
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
1Mfscripts
1Yetishare
Nov 21, 2024
Feb 10, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.
1Rogersmedia
1Citytv Video
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.
1Corusent
1Global Tv
Nov 21, 2024
Feb 5, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.
1Solarwinds
1N Central
Nov 21, 2024
Jan 26, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.
1Ixpdata
1Easyinstall
Nov 21, 2024
Jan 23, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.
2Apache
Oracle
13Banking Corporate Lending Process Management
Banking Credit Facilities Process Management
Banking Liquidity Management
+10 more
Nov 21, 2024
Jan 14, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.
1Granding
1Grand Ma300 Firmware
Nov 21, 2024
Jan 13, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Grand MA 300 allows retrieval of the access PIN from sniffed data.
1Dten
2D5 Firmware
D7 Firmware
Nov 21, 2024
Jan 6, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.
1Upc
1Connect Box Eurodocsis Firmware
Nov 21, 2024
Dec 25, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.
1Ibm
1Financial Transaction Manager For Multiplatform
Nov 21, 2024
Dec 20, 2019
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880.
1Asus
7As 101 Firmware
Dl 101 Firmware
Hg100 Firmware
+4 more
Nov 21, 2024
Dec 20, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause multiple denial of service attacks, take over smart home devices, and tamper with messages.
1Humaxdigital
1Hgb10r 02 Firmware
Nov 21, 2024
Dec 18, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.
1Humaxdigital
1Hgb10r 02 Firmware
Nov 21, 2024
Dec 18, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.
1Apple
1Texture
Nov 21, 2024
Dec 18, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data.
2Elog Project
Fedoraproject
2Elog
Fedora
Nov 21, 2024
Dec 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
2Elog Project
Fedoraproject
2Elog
Fedora
Nov 21, 2024
Dec 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords.
1Jenkins
1Sctmexecutor
Nov 21, 2024
Dec 17, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.
2Petwant
Skymee
2Petalk Ai Firmware
Pf 103 Firmware
Nov 21, 2024
Dec 13, 2019
N/A· v4
8.1 HIGH· v3
9.3 HIGH· v2
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
1Siemens
1Sppa T3000 Application Server
Nov 21, 2024
Dec 12, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.